April 2016 – Page 4 – A Geek With Guns

Do As We Say, Not As We Do

A lot of people are talking about the Panama Papers. This treasure trove of shell corporations created by utilizing the services of Mossack Fonseca measures in at over 2.5 terabytes in size and it seems to contain dirt on almost every politician. The prime minister of Iceland just resigned due to public outrage stirred by his name appearing in the papers and others are likely to follow.

But the real scandal isn’t that these politicians are utilizing tax havens to protect their wealth. The real scandal is that these politicians continue to hunt those who utilize tax havens while making use of such wealth preserving institutions themselves.

There is nothing immoral about trying to conceal your wealth from thieves. In fact doing so is meritorious. In the case of tax thieves concealing wealth keeps resources out of the hands of the most violent gangs in the world. The less resources the State has the less effective it is as subjugating its victims. We shouldn’t decry anybody for protecting their wealth from the State.

What we should decry are thieves and these politicians are not only thieves but their dishonest thieves. In public these politicians espouse the merits of taxes and viciously criticize tax evaders. In private they are whisking their wealth away to the exact same places using the exact same tactics as private tax evaders. I believe the only fair thing to do in this case is treat these politicians the exact same way they treat private tax evaders. Make examples of them in the media. Hold a show trial. Then lock them in a cage for the rest of their lives. And do this not because they’re tax evaders but because they’ve gleefully inflicted such harm on tax evaders themselves.

If You Don’t Own It, It’s Not Yours

If you don’t own it, it’s not yours. A lot of people are learning that lesson today after Google announced that it would be disabling customers’ Revolv smart-home hub in spite of the promised lifetime subscription:

As we reported on Tuesday, shutting down the Revolv smart-home hubs does not mean Nest is ceasing to support its products, leaving them vulnerable to bugs and other unpatched issues. It means that the $300 (£211) devices and accompanying apps will stop working completely.

[…]

And the decision to deliberately disable the smart-home hubs comes despite the fact they were previously advertised as having a “lifetime subscription.”

Do you own the devices you purchase? If you read most license agreements, which you usually can’t read until you’ve purchased and opened the product, you’re not buying the product but a license to use the product. This is especially true with products that include software, which are regulated under easily abused copyright laws. John Deere, for example, claims you don’t own your tractor, you’re merely licensing it. Because of that John Deere argues that you’re not allowed to fix the tractor as that is a violation of the license you agreed to.

The problem with licenses is that they can be revoked. In this case Google is not only ceasing online services for the Revolv but is entirely bricking the devices themselves, which is likely allowed under the device’s license agreement (those agreements basically read, “We can do whatever we want and you agree to like it.”) regardless of any marketing promises of a “lifetime subscription.”

Had the Revolv been a device that ran open source software with a permissive license its fate wouldn’t be so bleak. At least the option would exist for developers to continue updating the software and creating an alternate online service. That’s the type of freedom ownership allows but licensing usually doesn’t.

As more devices are needlessly tied to “the cloud” we’re going to see more bullshit like this. In my eyes it’s the “in-app purchases” economy brought into the physical world. Many applications used to sell for a one-time fee only for the developers to change their mind and start relying on in-app purchases. An example of this is Cyclemeter. When I first purchased the app it included everything. Now you need to pay a yearly subscription fee via the in-app purchase feature to unlock most of the features. The same bait and switch is coming to our physical world via the Internet of Things. Manufacturers will brick older devices to persuade customers to buy the latest model. Since these devices are almost exclusively licensed instead of owned there will be little recourse for customers. It’s going to be a large scale demonstration of if you don’t own it, it’s not yours.

An Encrypted Society Is A Polite Society

Playing off of my post from earlier today, I feel that it’s time to update Heinlein’s famous phrase. Not only is an armed society a polite society but an encrypted society is a polite society.

This article in Vice discusses the importance of encryption to the Lesbian, Gay, Bisexual, and Transgender (LGBT) communities but it’s equally applicable to any oppressed segment of a society:

Despite advances over the last few decades, LGBTQ people, particularly transgender folks and people of color, face alarming rates of targeted violence, housing and job discrimination, school and workplace bullying, and mistreatment by law enforcement. In the majority of US states, for example, you can still be legally fired just for being gay.

So while anyone would be terrified about the thought of their phone in the hands of an abusive authority figure or a jealous ex-lover, the potential consequences of a data breach for many LGBTQ people could be far more severe.

[…]

LGBTQ people around the world depend on encryption every day to stay alive and to protect themselves from violence and discrimination, relying on the basic security features of their phones to prevent online bullies, stalkers, and others from prying into their personal lives and using their sexuality or gender identity against them.

In areas where being openly queer is dangerous, queer and trans people would be forced into near complete isolation without the ability to connect safely through apps, online forums, and other venues that are only kept safe and private by encryption technology.

These situations are not just theoretical. Terrifying real life examples abound, like the teacher who was targeted by for being gay, and later fired, after his Dropbox account was hacked and a sex video was posted on his school’s website. Or the time a Russian gay dating app was breached, likely by the government, and tens of thousands of users received a message threatening them with arrest under the country’s anti-gay “propaganda” laws.

Systematic oppression requires information. In order to oppress a segment of the population an oppressor must be able to identify members of that segment. A good, albeit terrifying, example of this fact is Nazi Germany. The Nazis actually made heavy use of IBM counting machines to identify and track individuals it declared undesirable.

Today pervasive surveillance is used by state and non-state oppressors to identify those they wish to oppress. Pervasive surveillance is made possible by a the lack of the use of effective encryption. Encryption allows individuals to maintain the integrity and confidentiality of information and can be used to anonymize information as well.

For example, without encryption it’s trivial for the State to identify transgender individuals. A simple unencrypted text message, e-mail, or Facebook message containing information that identifies an individual a transgender can either be read by an automated surveillance system or acquired through a court order. Once identified an agent or agents can be tasked with keeping tabs on that individual and wait for them to perform an act that justified law enforcement involvement. Say, for example, violating North Carolina’s idiotic bathroom law. After the violation occurs the law enforcement agents can be sent in to kidnap the individual so they can be made an example of, which would serve to send a message of terror to other transgender individuals.

When data is properly encrypted the effectiveness of surveillance is greatly diminished. That prevents oppressors from identifying targets, which prevents the oppressors from initiating interactions entirely. Manners are good when one may have to back up his acts with his life. Manners are better when one doesn’t have to enter into conflict in the first place.

Another Hero Becomes A Political Prisoner Of Uncle Sam

Anybody who has been paying attention to the depravities of the State won’t be surprised by this post. It is a post about another hero who has been turned into a political prisoner by the State. This hero worked to reduce the violence in the drug market by keeping both buyers and sellers anonymous. He did this in spite of the fact that the last person who followed this path ended up imprisoned for life. Unfortunately the fate of his predecessor likely convinced this hero to plead guilty and suffer a reduced sentence rather than be railroaded by the State’s courts:

Last week, a federal judge in Washington formally accepted the guilty plea of Brian Farrell, the 28-year-old who had been accused in 2015 of being the right-hand man to the head of Silk Road 2.0, the copycat website inspired by the infamous Tor-enabled drug website.

In a 2015 press release, the Department of Justice said that SR2 had generated approximately $8 million per month since it began in November 2013.

While the State was busy sending Special Weapons And Tactics (SWAT) teams to people’s houses at oh dark thirty to kick in their doors, shoot their dogs, and kidnap them because they were in possession of a plant, Brian Farrell was helping run a service that kept those psychotic law enforcers away from both buyers and sellers. After all, neither drug buyers or sellers actually commit actual crimes. There is no victim in a mutually agreed upon transaction.

Due to the illegal nature of the drug trade violence often does creep into the mix though. Most of this violence occurs between competing dealers but sometimes it occurs when disagreements arise between buyers and sellers. Since the State has declared the drug trade illegal, claims a monopoly on dispute resolution services, and ruthlessly pursues anybody who creates a dispute resolution service for drug market actors there are few places for a wronged seller or buyer to go. Silk Road and Silk Road 2 acted as both a marketplace and a dispute resolution service. Through escrow, mediation, and user reviews both Silk Roads allowed wronged parties to have their disputes resolved peacefully. In fact there was no way for wronged parties to resort to violence since all parties were anonymous.

Online drug marketplaces are considered illegal by the State. But the vast majority of crimes perpetrated in relation to these marketplaces are those committed by the State as it uses its capacity for violence to terrorize and punish anybody involved in the drug trade.

Brian Farrell, like Ross Ulbricht before him, should be remembered as a hero who tried to stem the tide of government violence.

An Armed Society Is A Polite Society

Muslims are a minority in the United States. Anti-Muslim sentiments are also at a high. Those two points create the perfect conditions for anti-Muslim bigots to act brave and mighty. Heinlein wrote, “An armed society is a polite society. Manners are good when one may have to back up his acts with his life.” From this one can infer that an unarmed society is an impolite society. Manners are bad when one faces no consequences for their actions.

A group of anti-Muslim bigots planned to hold a protest at a mosque in Dallas. I’m sure the participants had crusader-like visions of appearing brave and powerful compared to the infidels they planned to protest. Especially since they were brining weapons and likely assume their targets were going to be unarmed. But things didn’t turn out quite as they expected:

A few hundred South Dallas residents, mostly black, flooded Martin Luther King Jr. Boulevard to oppose a planned demonstration by a mostly white group that routinely protests outside mosques.

Both sides were armed.

Dallas police stood guard on a funeral home’s roof as black counterprotesters swarmed the parking lot of Eva’s House of Bar-B-Q, vowing to defend their streets and chanting “black power.”

“This is what they fear — the black man,” said activist Olinka Green. “This is what America fears.”

The anti-mosque group showed up in camouflage, carrying guns and an American flag, FOX 4 reported. They left soon after and the protests ended without incident.

Instead of protesting an unarmed group of Muslims the protesters found themselves up against armed counterprotesters. As is usual in case when two equally armed but disagreeing groups come into contact, the conflict ended peacefully. The protesters, seeing their perceived advantage vanish, decided to withdraw rather than risk a conflict with a group that could put up an effective resistance. In effect the protesters saw that they might actually have to back up their actions with their lives and decided it would be smarter to take the polite route than to continue their impolite actions.

Time and time again history has shown us what happens when one group enjoys overwhelming force over another: genocide. I advocate that everybody wanting to bear arms do so. But I especially encourage members of oppressed groups to bear arms. The biggest enabler of oppression is force disparity. This is why oppressors always try to disarm their intended victims. After the Civil War the State passed arms control laws specifically aimed at disarmed newly freed blacks. In the aftermath of the 1857 Indian rebellion Britain passed weapon control laws aimed at disarming Indians. When the Third Reich came to power it passed laws expressly forbid Jews from owning firearms. But without force disparity oppression is much more costly to perpetrate. With the risks of oppressing a target group increased most would-be oppressors tend to keep their actions to mere words whispered behind closed doors.

Compromising Self-Driving Vehicles

The difficult part about being a technophile and an anarchist is that the State often highjacks new technologies to further its own power. These highjackings are always done under the auspices of safety and the groundwork is already being laid for the State to get its fingers into self-driving vehicles:

It is time to start thinking about the rules of the new road. Otherwise, we may end up with some analog to today’s chaos in cyberspace, which arose from decisions in the 1980s about how personal computers and the Internet would work.

One of the biggest issues will be the rules under which public infrastructures and public safety officers may be empowered to override how autonomous vehicles are controlled.

When should law enforcers and safety officers be empowered to override another person’s self-driving vehicle? Never. Why? Setting aside the obvious abuses such empowerment would lead to we have the issue of security, which the article alludes to towards the end:

Last, but by no means least, is whether such override systems could possibly be made hack-proof. A system to allow authorized people to control someone else’s car is also a system with a built-in mechanism by which unauthorized people — aka hackers — can do the same.

Even if hackers are kept out, if every police officer is equipped to override AV systems, the number of authorized users is already in the hundreds of thousands — or more if override authority is extended to members of the National Guard, military police, fire/EMS units, and bus drivers.

No system can be “hacker-proof,” especially when that system has hundreds of thousands of authorized users. Each system is only as strong as its weakest user. It only takes one careless authorized user to leak their key for the entire world to have a means to gaining access to everything locked by that key.

In order to implement a system in self-driving cars that would allow law enforcers and safety officers to override them there would need to be a remote access option that allowed anybody employed by a police department, fire department, or hospital to log into the vehicle. Every vehicle would either have to be loaded with every law enforcer’s and safety officer’s credentials or, more likely, rely on a single master key. In the case of the former it would only take one careless law enforcer or safety officer posting their credentials somewhere an unauthorized party could access them, including the compromised network of a hospital, for every self-driving car to be compromised. In the case of the latter the only thing that would be required to compromise every self-driving car is the master key being leaked. Either way, the integrity of the system would be dependent on hundreds of thousands of people maintaining perfect security, which is an impossible goal.

If self-driving cars are setup to allow law enforcers and safety officers to override them then they will become useless due to being constantly compromised by malicious actors.

Monday Metal: The Lord Of Steel By Manowar

This week we’re going to listen to some mother fucking Manowar. If you don’t like it leave the hall.

Having Your Surveillance Cake And Eating It Too

At one point it wasn’t uncommon for employers to issue company devices to employees. Things have changed however and now it is common for employers to expect employees to use their personal devices for work. It seems like a win-win since employees don’t have to carry two cell phones or use whatever shitty devices their company issues and employers safe money on having to buy devices. However, it leads to an interesting situation. What happens when the employer wants to surveil an employee’s personal device? That’s the battle currently being waged by Minnesota’s state colleges and their employees:

Two faculty unions are up in arms over a new rule that would allow Minnesota’s state colleges and universities to inspect employee-owned cellphones and mobile devices if they’re used for work.

The unions say the rule, which is set to take effect on Friday, would violate the privacy of thousands of faculty members, many of whom use their own cellphones and computers to do their jobs.

“[It’s] a free pass to go on a fishing expedition,” said Kevin Lindstrom, president of the Minnesota State College Faculty.

But college officials say they have an obligation under state law to protect any “government data” that may be on such devices, and that as public employees, faculty members could be disciplined if they refuse to comply.

If the universities have such a legal obligation then they damn well should be issuing devices. Data is at the mercy of the security measures implemented on whatever devices it is copied to. When businesses allow employees to use personal devices for work any data that ends up on those devices is secured primarily by whatever measure the employee has put into place. While you can require certain security measures such as mandating a lock screen password on the employee’s phone, employees are still generally free to install any application, visit any website, and add any personal accounts to the device. All of those things can compromise proprietary company data.

By issuing centrally managed devices, the universities could restrict what applications are installed, what webpages devices are willing to visit, and what accounts can be added.

There is also the issue of property rights. What right does an employer have to surveil employee devices? If so, how far does that power extend? Does an employer has the right to surveil an employee’s home if they work form home or ever take work home? Does an employer have the right to surveil an employee’s vehicle if they use that vehicle to drive to work or travel for work? When employers purchase and issue devices these questions go away because the issued devices are the employer’s property to do with as they please.

If an employer wants to surveil employee devices then they should issue devices. If an employer is unwilling to issue devices then they should accept the fact they can’t surveil employee devices. If an employer is under a legal obligation to protect data then it needs to issue devices.

FBI Heroically Saves Us From Yet Another Person It Radicalized

Without the Federal Bureau of Investigations (FBI) who would protect us from the people radicalized by the FBI? Without the heroics of the agency a lot of people might be dead today — killed by a terrorist radicalized by the FBI:

KHALIL ABU RAYYAN was a lonely young man in Detroit, eager to find a wife. Jannah Bride claimed she was a 19-year-old Sunni Muslim whose husband was killed in an airstrike in Syria. The two struck up a romantic connection through online communications.

Now, Rayyan, a 21-year-old Michigan man, is accused by federal prosecutors of supporting the Islamic State.

Documents released Tuesday show, however, that Rayyan was motivated not by religious radicalism but by the desire to impress Bride, who said she wanted to be a martyr.

Jannah Bride, not a real name, was in fact an FBI informant hired to communicate with Rayyan, who first came to the FBI’s attention when he retweeted a video from the Islamic State of people being thrown from buildings. He wrote later on Twitter: “Thanks, brother, that made my day.”

According to the FBI, the agency discovered a radicalized supporter of the Islamic State that was going to perpetrate a terrorist attack. But the attack never happened because the FBI was able to discover the individual ahead of time and intervene.

Put into normal people lingo, the FBI found somebody with neither the motivation or means to perform a terrorist attack. The agency then provided the motivation and eventually the means. If the FBI hadn’t inserted itself into this individual’s life they still wouldn’t have perpetrated a terrorist attack.

I like to say, if it weren’t for the people radicalized by FBI agents there wouldn’t be any terrorists for the FBI to capture. When I first started saying that it was done with a modicum of sarcasm because I assumed the agency did manage to fight some actual crime once in a while. But so many of these FBI created cases exist that they literally fill a book. It’s getting to the point where seems the agency’s only job is dealing with the “terrorists” it creates.

FIREClean Sues Andrew Tuohy And Everett Baker

Gun owners had a spot of fun at FIREClean’s expense. FIREClean, a product sold for cleaning and lubricating firearms, turned out to appear very similar to Crisco when analyzed with infrared spectroscopy. Many of us laughed and a lot of FIREClean customers weren’t amused by the thought that they were charged a premium price for what appeared to be essentially Crisco.

Now that FIREClean’s profits have fallen they’re looking for a scapegoat. That scapegoat took the form of the two individuals who kicked off this entire fiasco by having the audacity to analyze FIREClean’s product:

FIREClean did respond, insisting that “allegations do not focus on actual performance or relevant tests, and draw a misleading picture”. The response did not deny that their product was similar to the oils tested alongside it in the spectroscopy.

Now it seems that on March 17th, FireClean LLC has filed a lawsuit against Mr. Tuohy and Everett Baker, a man who performed his own tests to verify Tuohy’s findings. In their complaint, FireClean LLC claims that “Tuohy initiated a public smear campaign against FireClean” and holds that Mr. Baker “contacted Tuohy for the express purpose of conspiring with him to further defame and damage FireClean”. FireClean LLC also states that since the publishing of the test, their revenues have fallen by over $25,000 per month.

Before this lawsuit I simply found FIREClean’s situation amusing. But now I think the creators of FIREClean are assholes.

Performing independent analysis and publicly releasing the findings isn’t a smear campaign. Neither person, as far as I can find, every said FIREClean is Crisco. In fact Andrew went to some lengths to clearly state that he didn’t think FIREClean was Crisco. What they said was that FIREClean and Crisco appear very similar when analyzed by infrared spectroscopy. That isn’t a false statement because the data showed exactly that.

The lawsuit itself [PDF] even admits that the defendants didn’t claim FIREClean was Crisco:

47. The statement, “FireClean is probably a modem unsaturated vegetable oil virtually the same as many oils used for cooking,” and its implications, are false.

Notice the word “probably” in that sentence? That makes it speculative and a speculation based on evidence isn’t false. Had the statement been, “FireClean is a modem unsaturated vegetable oil virtually the same as many oils used for cooking,” then there would be grounds that the defendants made a false statement.

One point in the lawsuit note that, “infrared spectroscopy is not scientifically suitable for comparing oils from the same class of compounds, such as triacylglycerides or hydrocarbons.” Another point notes that the tests weren’t performed with any controls. Refuting findings because of insufficient or incorrect testing methods is a perfectly valid rebuttal. Such a rebuttal can be posted publicly without a lawsuit. The fact that FIREClean only brought up these points now and not in its initial rebuttal just makes the company look like a gigantic asshole.

The lawsuit also makes a big stink about the personal opinion expressed by Andrew:

50. Defendant Tuohy also quoted the anonymous professor as saying: “I don’t see any sign ofother additives such as antioxidants or corrosion inhibitors. Since the unsaturation in these oils, especially linoleate residues, can lead to their oligomerization with exposure to oxygen and light, use on weapons could lead toformation o fsolid residues (gum) with time. The more UV and oxygen, the more the oil will degrade.” (Ex. C at 3-4, emphasis in original.)

51. Based on these purported facts, Tuohy wrote that “[g]iven that people in the military are often exposed to both UV and oxygen (such as when they go outdoors) and also need corrosion protection for their firearms, I would not recommend FireClean be used by members ofthe military.” {Id. at 4.)

52. In fact, FTIR spectroscopy is not an appropriate tool to test for corrosion resistance.

53. The suggestion that FIREClean is not suitable for military use is false. The assertion that FIREClean® is not suitable for use in settings with UV, light, moisture and oxygen is false.

Again, the defendant didn’t say, “FIREClean can’t protect against corrosion and breakdown when exposed to ultraviolet radiation and oxygen.” All he did was express an opinion that was based on analysis of the product. That’s not a smear campaign.

This lawsuit, as far as I’m concerned, is entirely frivolous in nature. A lawsuit is also an improper response to diminishing profits. If FIREClean wanted to address the potential damage done by the analysis it should have publicly posted a detailed rebuttal explaining why the testing procedures were insufficient or incorrect. Under such a rebuttal the company could then explain why it found the speculative statements and opinions of Andrew and Everett to be in error.

I’ve never purchased FIREClean so I can’t make a big deal about never doing business with that company again. But I will say that I will never do business with FIREClean in the future. I also threw a few bucks towards the defendants’ GoFundMe legal defense campaign. While I can’t withhold money from a company I’ve never done business with I can give money to help people being legally targeted by it.